CVE-2022-25347

Опубликовано: 29 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01
Mitigation
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-081-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:deltaww:diaenergie:*:*:*:*:*:*:*:*

Версия до 1.8.02.004 (исключая)

EPSS

Процентиль: 70%

0.00635

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-37

CWE-22

Связанные уязвимости

GHSA-g72m-m9vm-p582

CVSS3: 7.5

github

почти 4 года назад

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.

EPSS

Процентиль: 70%

0.00635

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-37

CWE-22